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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )M Responsive to communication(s) filed on 09 December 2004 . 
2a)D This action is FINAL. 2b)|3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 35-55 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 35-55 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121 (d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Continued Examination Under 37 CFR LI 14 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1. 17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR L 1 14. Applicant's submission filed on 
December 9, 2004 has been entered. 

Drawings 

2. The drawings were received on 4-26-2004. The proposed drawings changes have 
been accepted; however, several informalities were detected by the draftsperson (see 
attached PTO 948). New corrected drawings are required. 

3. Claims 35-55 have been examined. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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5. Claims 35, 37-42,44-49, 51-55 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent No. 6205437 to Gifford in view of U.S. Publication NO. 
2004/0243520 to Bishop et al. and US Publication NO. 2001/0044787 to Shwartz et al. 

Referring to claims 35 and 42, Gifford discloses storing a public key associated 
with a public key infrastructure (PKI) key pair in a profile database (see col. 10, lines 37- 
42), in response to receiving an authentication request from a buyer over a network, the 
authentication request including a description of the payment transaction and an identity 
of a seller (see col. 6, lines 16-32), storing a digitally signed record of the payment 
transaction in a transaction archive, i.e. "transaction database" (see col. 8, lines 16-19) 
and sending an authentication response to the seller over the network (see col. 6, lines 52- 
61). Gifford does not expressly disclose sending a challenge request to the buyer over the 
network, the challenge request including a summary of the payment transaction to be 
displayed to the buyer and then digitally signed by the buyer using a private key associate 
with the PKI key pair, or in response to receiving a challenge response from the buyer 
over the network, the challenge response including the digitally singed summary of the 
payment transaction, determining whether the buyer has access to the private key by 
using the public key to decrypt the digitally signed message. Bishop et al. disclose 
sending a challenge request to the buyer over the network, the challenge request message 
to be displayed to the buyer then digitally signed by the buyer using a private key 
associate with the PKI key pair, or in response to receiving a challenge response from the 
buyer over the network, the challenge response including the digitally singed message, 
determining whether the buyer has access to the private key by using the public key to 
decrypt the digitally signed message (see paragraphs [0094] & [0095]). Shwartz et al. 



Application/Control Number: 09/8 1 8,084 Page 4 

Art Unit: 3621 

disclose the challenge request including a summary of the payment transaction (see 
paragraphs [0182]-[0184]). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the method disclose by Gifford 
to include the steps of sending a challenge request to the buyer over the network, the 
challenge request including a summary of the payment transaction to be displayed to the 
buyer and then digitally signed by the buyer using a private key associate with the PKI 
key pair, or in response to receiving a challenge response from the buyer over the 
network, the challenge response including the digitally singed summary of the payment 
transaction, determining whether the buyer has access to the private key by using the 
public key to decrypt the digitally signed message. One of ordinary skill in the art would 
have been motivated to do this because it protects the network server from attacks and 
improve the ease and safety of electronic commerce for consumers (see Bishop et al. & 
Shwartz et al.). 

Referring to claims 37,44 and 51, Gifford discloses the method wherein the record 
of the payment transaction is digitally signed using the private key (see col. 10, lines 43- 
45). 

Referring to claims 38,45 and 52, Gifford discloses the method wherein the record 
of the online transaction is digitally signed using a local private key (see col. 10, lines 48 
& 49). 

Referring to claims 39,46 and 53, Gifford discloses the method wherein the public 
key is stored in the form of a digital certificate representing that the public key is tied to 
the buyer (see col. 7, lines 44-46). 
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Referring to claims 40,47 and 54, Gifford discloses several databases including 
account database storing account information and an address database storing shipping 
address information (see col 8, lines 12-24 and 33-36). Gifford also discloses receiving a 
selection of one of the plurality of payment instruments (i.e. "means of payment") and 
one of the plurality of shipping addresses form the buyer over the network (see col. 5, 
lines 34-50; col. 8, lines 33-35). Gifford does not expressly disclose retrieving a buyer 
profile from the database, the buyer profile including a plurality of payment instruments 
and a plurality of shipping address and sending the buyer profile to the buyer over the 
network; however, these are inherent steps. Before selecting the method of payment and 
address information, the buyer must first be provided with his profile. 

Referring to claims 41,48 and 55, Gifford discloses processing the payment 
transaction via a payment gateway (i.e. "payment computer") see col. 6, lines 12-14. 

Referring to claim 49, Gifford discloses a profile database, i.e. account database 
and address database, transaction archive, i.e. settlement database" (see col. 7, lines 66-67 
& col. 8, lines 1-7) an authentication service web server (i.e. "payment computer") 
coupled to the profile database, the transaction archive and the network, the 
authentication service web server adaptively configured to (see col. 4, lines 46-55) store a 
public key associated with a public key infrastructure (PKI) key pair in a profile database 
(see col. 10, lines 37-42), in response to receiving an authentication request from a buyer 
over a network, the authentication request including a description of the payment 
transaction and an identity of a seller (see col. 6, lines 16-32), store a digitally signed 
record of the payment transaction in a transaction archive, i.e. "transaction database" (see 
col. 8, lines 16-19) and send an authentication response to the seller over the network (see 
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col. 6, lines 52-61). Gifford does not expressly disclose the web server adaptively 
configured to send a challenge request to the buyer over the network, the challenge 
request including a summary of the payment transaction to be displayed to the buyer then 
digitally signed by the buyer using a private key associate with the PKI key pair, or in 
response to receiving a challenge response from the buyer over the network, the 
challenge response including the digitally singed summary of the payment transaction, 
determine whether the buyer has access to the private key by using the public key to 
decrypt the digitally signed summary of the payment transaction. Bishop et al. disclose 
sending a challenge request to the buyer over the network, the challenge request message 
to be displayed to the buyer then digitally signed by the buyer using a private key 
associate with the PKI key pair, or in response to receiving a challenge response from the 
buyer over the network, the challenge response including the digitally singed message, 
determining whether the buyer has access to the private key by using the public key to 
decrypt the digitally signed message (see paragraphs [0094] & [0095]). Shwartz et al 
disclose the challenge request including a summary of the payment transaction (see 
paragraphs [0182]-[0184]). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the method disclose by Gifford 
to include the steps of the web server adaptively configured to send a challenge request to 
the buyer over the network, the challenge request including a summary of the payment 
transaction to be displayed to the buyer then digitally signed by the buyer using a private 
key associate with the PKI key pair, or in response to receiving a challenge response from 
the buyer over the network, the challenge response including the digitally singed 
summary of the payment transaction, determine whether the buyer has access to the 
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private key by using the public key to decrypt the digitally signed summary of the 
payment transaction. One of ordinary skill in the art would have been motivated to do 
this because it protects the network server from attacks and improve the ease and safety 
of electronic commerce for consumers (see Bishop et al. & Shwartz et al.). 

6. Claims 36,43 and 50 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gifford, Bishop et al. and Shwartz et al. as applied to claims 35, 42 and 49 above, 
and further in view of US Publication NO. 2001/0014158 to Baltzley. 

Gifford discloses PKI key pair (see claims 35 and 42 above). Gifford does not 
expressly disclose creating the PKI key pair, and sending the private key to the buyer 
over the network. Baltzley discloses creating the PKI key pair (see paragraph [0010], and 
sending the private key to the buyer over the network (see paragraph [001 1]). At the time 
the invention was made, it would have been obvious to a person of ordinary skill in the 
art to modify the method disclose by Gifford to include the steps of creating the PKI key 
pair, and sending the private key to the buyer over the network. One of ordinary skill in 
the art would have been motivated to do this because it prevents fraud by providing 
additional security. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 703-305- 
0057. The examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on 703-305-9768. The fax phone number for 
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the organization where this application or proceeding is assigned is 703-872-9306 for 
Regular/After Final Actions and 703-746-9443 for Non-Official/Draft. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 



Hand delivered responses should be brought to Crystal Park 5, 2451 Crystal 
Drive, Arlington, ^A" 5 ^evQnth floor receptionist. . 



Commissioner of Patents and Trademarks 
PO Box 1450 
Alexandria, VA 22313-1450 



February 1,2005 




Jalafcpe Worjloh 
Patent Examiner 
Art Unit 3621 



